We’ve initiated the migration of SpringBoot microservices from the local setup to the VPS server, beginning with the Config Server microservice.
The migration steps include:
- Prepare the VPS
- Update OpenJDK
- Prepare SpringBoot
- Switch profile
- Build and Package
- Transfer files
- Run on VPS
- Config Firewall
- Config SSL
- Recompile SSL from server
- SSL Trust
Config Server
Step 1: Profile Switch from Local to Test
Given that the Config Server relies on SSL for data security, the SSL configurations differ between the local and VPS servers. Consequently, we’ve segregated the configurations into three distinct sets to accommodate these variations.
| Version | Function |
|---|---|
| application.properties | control which profile to use |
| application-local.properties | for local environment |
| application-test.properties | for VPS server |
Subsequently, we packaged the service and employed the rsync command to transfer the code to the server. Following this, we attempted to start the service using the command java -jar 8700_server_config-0.0.1-SNAPSHOT.jar.
Step 2: Resolving Version Compatibility
We encountered an issue wherein the Spring Boot application was configured with openjdk 19, whereas the server was equipped with openjdk 11.
Initially, we utilized the following commands to check the Java version (java -version) and the CentOS version (cat /etc/centos-release).
Following that, we utilized SDKMAN to install the most recent version of openjdk.
curl -s "https://get.sdkman.io" | bash
source "$HOME/.sdkman/bin/sdkman-init.sh"
sdk list java
sdk install java 21.0.1-oracle
sdk default java 21.0.1-oracle
java -version
The IntelliJ setup includes two versions: version 11, which operates with openjdk 19, and version 17, which is compatible with openjdk 17. It’s necessary to review each microservice accordingly.
Step 3: Configuring Firewall
As we’ve initiated some new ports, it’s necessary to open them in the VPS server’s firewall settings. The commands are as follows:
// show all ports
sudo firewall-cmd --list-ports
// show all services
sudo firewall-cmd --list-services
// add new port
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
// make it work
sudo firewall-cmd --reloadStep 4: Expired SSL Certificate
The SSL certificate previously generated by Richard in SpringBoot has expired, leading to a browser error (SEC_ERROR_EXPIRED_CERTIFICATE). To resolve this, we accessed the server vendor’s AutoSSL page and downloaded the relevant SSL certificate, private key, and Certificate Authority (CA).
Then, we need to convert these files to a ‘jks’ format to ensure compatibility with SpringBoot.
// Step 1: Convert Certificate and Private Key to PEM Format
cat server.crt server.key > server.pem
// Step 2: conver them to pkcs12
openssl pkcs12 -export -out keystore.p12 -in combined.pem -name your_alias
// Step 3: import them to keystore
keytool -importkeystore -srckeystore server.jks -destkeystore server.jks -deststoretype pkcs12
// Step 4: convert the keystore to pkcs12
keytool -list -v -keystore server.jksStep 5: Untrusted SSL Certificate Authority (CA)
We completed this process on our local Mac computer and now need to replicate it on the VPS server as well.
// find the cacerts location on VPS
find ~/.sdkman -name cacerts
// for Mac (just for reference)
keytool -import -trustcacerts -file server.ca -alias server -keystore $(/usr/libexec/java_home)/lib/security/cacerts
// for VPS
keytool -import -trustcacerts -file server.ca -alias server -keystore /root/.sdkman/candidates/java/21.0.1-oracle/lib/security/cacertsBy following the aforementioned steps, We’ve effectively transferred both the Config Server and Config Client to the VPS server, ensuring that the Spring-Cloud-Config functionality is operational.